Networking equipment maker Zyxel has pushed security updates for a critical vulnerability affecting some of its enterprise firewall and VPN products that could allow an attacker to take control of devices.
“An authentication bypass vulnerability caused by the lack of an appropriate access control mechanism has been discovered in the CGI program of certain firewall versions,” the company said in an advisory published this week. “The flaw could allow an attacker to bypass authentication and gain administrative access to the device.”
The flaw has been assigned the identifier CVE-2022-0342 and is rated 9.8 out of 10 for its severity. Alessandro Sgreccia of Tecnical Service Srl and Roberto Garcia H and Victor Garcia R of Innotec Security are credited with reporting the bug.
The following Zyxel products are affected:
- USG/ZyWALL running firmware versions ZLD V4.20 through ZLD V4.70 (fixed in ZLD V4.71)
- USG FLEX running firmware versions ZLD V4.50 through ZLD V5.20 (fixed in ZLD V5.21 Patch 1)
- ATP running firmware versions ZLD V4.32 through ZLD V5.20 (fixed in ZLD V5.21 Patch 1)
- VPN running firmware versions ZLD V4.30 through ZLD V5.20 (fixed in ZLD V5.21)
- NSG running firmware versions V1.20 through V1.33 Patch 4 (hotfix V1.33p4_WK11 available now, with standard patch V1.33 Patch 5 expected in May 2022)
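The version list above is what a defender has to turn into a fleet check. The following Python is an added example, not code from the article or from Zyxel: it parses the firmware strings exactly as the advisory writes them ("ZLD V4.70", "V1.33 Patch 4", "V1.33p4_WK11") and tests a reported build against the ranges quoted above. The default check follows the stated ranges literally; the `strict` flag is an added assumption that treats every build from the first affected version up to (but excluding) the fixed build as affected, which is how an inventory script would normally want to err. Unknown hotfix tags are treated conservatively as unpatched.

```python
import re
from typing import NamedTuple


class ZldVersion(NamedTuple):
    major: int
    minor: int
    patch: int    # "Patch N" or "pN" suffix; 0 when absent
    hotfix: str   # trailing "_WK11"-style tag; "" when absent


# Accepts the spellings used in the advisory: an optional "ZLD" prefix,
# "V<major>.<minor>", an optional " Patch N" or "pN", and an optional "_TAG".
# Zyxel writes minors with two digits (V4.70, not V4.7), so integer compare is safe.
_VERSION_RE = re.compile(
    r"^(?:ZLD\s*)?V(\d+)\.(\d+)"
    r"(?:\s*Patch\s*(\d+)|p(\d+))?"
    r"(?:_(\w+))?$",
    re.IGNORECASE,
)


def parse_version(text: str) -> ZldVersion:
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version string: {text!r}")
    major, minor, patch_a, patch_b, hotfix = m.groups()
    return ZldVersion(int(major), int(minor), int(patch_a or patch_b or 0),
                      (hotfix or "").upper())


# (first affected, last affected, fixed) per product family, copied from the advisory text.
AFFECTED = {
    "USG/ZyWALL": ("ZLD V4.20", "ZLD V4.70", "ZLD V4.71"),
    "USG FLEX":   ("ZLD V4.50", "ZLD V5.20", "ZLD V5.21 Patch 1"),
    "ATP":        ("ZLD V4.32", "ZLD V5.20", "ZLD V5.21 Patch 1"),
    "VPN":        ("ZLD V4.30", "ZLD V5.20", "ZLD V5.21"),
    "NSG":        ("V1.20", "V1.33 Patch 4", "V1.33p4_WK11"),
}


def _key(v: ZldVersion):
    # Ordering ignores the hotfix tag; the tag is only meaningful as an exact match.
    return (v.major, v.minor, v.patch)


def is_affected(product: str, version_text: str, strict: bool = False) -> bool:
    """True if the reported build falls in the advisory's affected range.

    strict=True (added assumption, not stated by the advisory): anything from the
    first affected build up to, but excluding, the fixed build counts as affected.
    """
    lo, hi, fixed = (parse_version(s) for s in AFFECTED[product])
    v = parse_version(version_text)
    if v == fixed:                    # exact fixed build, hotfix tag included
        return False
    if _key(v) < _key(lo):
        return False
    upper = fixed if strict else hi
    return _key(v) <= _key(upper)     # a base build carrying a different/no hotfix tag stays affected


if __name__ == "__main__":
    # Constructed inventory sample, not real device data.
    inventory = [("USG/ZyWALL", "ZLD V4.70"), ("ATP", "ZLD V5.21 Patch 1"),
                 ("NSG", "V1.33 Patch 4"), ("NSG", "V1.33p4_WK11"), ("USG FLEX", "ZLD V5.21")]
    for product, fw in inventory:
        print(f"{product:12} {fw:20} affected={is_affected(product, fw)} "
              f"strict={is_affected(product, fw, strict=True)}")
```

Note the USG FLEX/ATP case: the article's range ends at V5.20 while the fix is V5.21 Patch 1, so a plain V5.21 build passes the literal check but fails the strict one; which answer you want depends on whether you trust the range or the fix version, and the strict reading is the safer default for patch tracking.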
Although there is no evidence that the vulnerability has been exploited in the wild, users are advised to install the firmware updates to close the exposure before it is.
CISA Warns of Actively Exploited Flaws in Sophos and Trend Micro Products
The disclosure comes as Sophos and SonicWall this week released patches for their firewall appliances to address critical flaws (CVE-2022-1040 and CVE-2022-22274) that could allow a remote attacker to run arbitrary code on affected systems.
The critical Sophos firewall vulnerability, which has been observed exploited in active attacks against some organizations in South Asia, has since been added by the US Cybersecurity and Infrastructure Security Agency (CISA) to its catalog of known exploited vulnerabilities.
Also added to the list is a high-severity arbitrary file upload vulnerability in Trend Micro's Apex Central product that could allow an unauthenticated remote attacker to upload an arbitrary file, resulting in code execution (CVE-2022-26871, CVSS score: 8.6).
“Trend Micro has observed active attempted exploitation against this vulnerability in the wild (ITW) in a very limited number of cases, and we have already been in contact with these customers,” the company said. “All customers are strongly encouraged to update to the latest version as soon as possible.”